Morgan Stanley Fined $35 Million For Security Lapses

It has been announced that Morgan Stanley has agreed to pay a $35 million penalty for data security lapses that included unencrypted hard drives from decommissioned data centres being resold on auction sites without first being wiped.


1 Expert Comment
Jordan.schroeder, Managing CISO
InfoSec Expert
September 22, 2022 6:18 pm

This is an astonishing security mistake by one of the world’s most prestigious banks, who would be expected to have well-established procedures in system life cycle management.

Not only does the situation mean that the bank put customer data at risk, but it also demonstrates the organisation was not following an expected policy which explained the secure disposing of IT equipment. Such a large fine, and the impact to Morgan Stanley customers, is an avoidable consequence.

Other businesses must use this case as an example of why it is critical to have processes in place on how to properly dispose of IT equipment. IT systems hold confidential information, so working with a trusted provider that can destroy data without putting it at risk is essential.

Any company that doesn’t do this will find itself breaching GDPR and other privacy regulations and could face similar fines.

Last edited 3 days ago by jordan.schroeder
Information Security Buzz